package xing.service.Interceptor;

/*******************************************************************************************  
 * 类描述：  
 *
 * @author: dustin
 * @date： 2017-8-18 10:26
 * @Description:
 * @version 1.0.0
 *
 *
 * Version    Date       ModifiedBy                 Content  
 * -------- ---------    ----------         ------------------------  
 * 1.0.0     2017-8-18    Administrator                            
 *******************************************************************************************
 */
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import xing.infrastructure.util.StringUtil;

@Component
public class CorsFilter implements Filter {

    @Value("${web.domain-blank}")
    private String domainBlank;
    @Value("${web.check-access}")
    private short checkAccess;

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        HttpServletRequest request = (HttpServletRequest) req;
        String originHeader =request.getHeader("Origin");
        logger.info("cors doamin:{}",domainBlank);
        addCrossHeader(response,originHeader);

        chain.doFilter(req, res);
    }

    private void addCrossHeader(HttpServletResponse response,String originHeader){
        if(checkAccess==0){//with no domain limit
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With");
        }else{
            if (!StringUtils.isEmpty(domainBlank) && Arrays.asList(domainBlank.split(",")).contains(originHeader)){
                response.setHeader("Access-Control-Allow-Origin", originHeader);
                response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE");
                response.setHeader("Access-Control-Max-Age", "3600");
                response.setHeader("Access-Control-Allow-Headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With");
                response.setHeader("Access-Control-Allow-Credentials", "true");
            }
        }

    }

    public void init(FilterConfig filterConfig) {}

    public void destroy() {}

}
